Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 31 Jul 2005 14:34:27 -0400
From:      "Larry Rosenman" <ler@lerctr.org>
To:        "'Sam Lawrance'" <lawrance@FreeBSD.org>, <ports-committers@FreeBSD.org>, <cvs-ports@FreeBSD.org>, <cvs-all@FreeBSD.org>, <secteam@FreeBSD.org>
Subject:   RE: cvs commit: ports/print/pdflib Makefile ports/print/pdflib/files patch-libs::tiff::tif_dirread.c
Message-ID:  <E1DzIea-0007Hq-G2@lerami.lerctr.org>
In-Reply-To: <200507311549.j6VFnBTp077649@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Sam Lawrance wrote:
> lawrance    2005-07-31 15:49:11 UTC
> 
>   FreeBSD ports repository
> 
>   Modified files:
>     print/pdflib         Makefile
>     print/pdflib/files   patch-libs::tiff::tif_dirread.c
>   Log:
>   Fix a vulnerability in libtiff embedded in this port.
>   Bump PORTREVISION.
> 
>   Approved by:    ale (maintainer) is away
>   Obtained from:  libtiff CVS http://www.remotesensing.org/libtiff/
>   Security:      
>                  
> http://vuxml.FreeBSD.org/68222076-010b-11da-bc08-0001020eed82.html
> CAN-2005-1544  
> 
>   Revision  Changes    Path
>   1.41      +1 -1      ports/print/pdflib/Makefile
>   1.2       +42 -2    
> ports/print/pdflib/files/patch-libs::tiff::tif_dirread.c
> _______________________________________________ 
> cvs-all@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/cvs-all
> To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"

Can we get the vulnerability db updated to allow this version to build?

$ sudo portupgrade -f pdflib vim
--->  Upgrading 'pdflib-6.0.1_1' to 'pdflib-6.0.1_2' (print/pdflib)
--->  Building '/usr/ports/print/pdflib'
===>  Cleaning for libiconv-1.9.2_1
===>  Cleaning for gettext-0.14.5
===>  Cleaning for gmake-3.80_2
===>  Cleaning for libtool-1.5.18
===>  Cleaning for expat-1.95.8_3
===>  Cleaning for pdflib-6.0.1_2
===>  pdflib-6.0.1_2 has known vulnerabilities:
=> tiff -- buffer overflow vulnerability.
   Reference:
<http://www.FreeBSD.org/ports/portaudit/68222076-010b-11da-bc08-0001020eed82
.html>
=> Please update your ports tree and try again.
*** Error code 1

Thanks!

LER


-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 972-414-9812                 E-Mail: ler@lerctr.org
US Mail: 3535 Gaspar Drive, Dallas, TX 75220-3611 US

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1DzIea-0007Hq-G2>